How to fix potential security vulnerability in a dependency defined in package-lock.json

13 September, 2018 | 1 min read

How to fix potential security vulnerability in a dependency defined in package-lock.json

Today I got assigned a ticket and it consisted in fix a vulnerability that github was complaining about, it was located in package-lock.json saying that this file has some vulnerabilities, I removed the file and tried to run npm install command alone which didn’t work, so I had to find another solution, not always you have to invent the wheel but instead know where you can find the information. This was the message:

A dependency defined in package-lock.json has known security vulnerabilities and should be updated. 

So I found this solution I would like to share with anyone having this issue:

Run this commands in order

  1. npm install <dep>
  2. npm uninstall <dep>
  3. npm update
  4. npm install
  5. Commit package-lock.json and push to proper branch with the changes we just did by running the previous commands
  6. Enjoy

That’s it for me it worked like a charm, check it and let me know what you think !! :) Thanks for reading this post if you have questions feel free to let me know, the best

Source

Jayson